This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
Download it now to read this article plus other related content.
Price: $290 per Unix/Linux server, $45 per workstation
Centralized directory services such as Active Directory are key to identity management initiatives, but one of the stumbling points has been integrating non-Microsoft platforms into the authentication infrastructure. Symark PowerADvantage eases integration of Unix/Linux and AD authentication.
PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.
All major enterprise Unix and Linux platforms are supported. Other Linux platforms such as Fedora are likely to work, provided they have relatively modern Kerberos and LDAP implementations.
Installation consists of a Windows-based service on the AD domain controllers and an agent with associated libraries on the managed Unix/Linux hosts. The Windows components do not require the schema to be modified, but do create some Symark-specific objects within AD.
Installation is a breeze: a straightforward MSI install on Windows and a tarball under Unix, which includes a text-based install script that walks you through the setup.
Normally, setting up Kerberos/LDAP on Unix hosts can be tricky, since each platform implements the protocols slightly differently with different flavors and locations of configuration files. Symark addresses this, abstracting Keberos/LDAP protocol implementation quirks on many Unix implementations, easing the headaches of configuring protocols on a given platform.
This was first published in November 2008